A METHOD FOR PERFORMING SHORT-RANGE WIRELESS
TRANSACTIONS BETWEEN AN HYBRID WIRELESS TERMINAL AND
A SERVICE TERMINAL OVER AN INTERFACE FOR SHORT-RANGE
WIRELESS ACCESS AND CORRESPONDING SERVICE TERMINAL.

BACKGROUND OF THE INVENTION 

The present invention relates to wireless short-range data
communication systems and more particularly to a method for performing
short-range wireless transactions between an hybrid wireless terminal and a
service terminal.

An hybrid wireless terminal should be understood as a wireless
terminal dedicated to access to a radio communication network, as for
example a GSM mobile phone or third generation UMTS mobile phone,
further comprising an interface for short-range wireless access, for example
a Bluetooth interface. An example of such an hybrid wireless terminal is
already known from Bluetooth Specification Version 1.0 B page 100 from 1
December 1999, which describes the "3-in-1 phone" model with built-in
Bluetooth technology.

At home, the "3-in-1 phone" functions as a cordless telephone. On
the move, it functions as a cellular telephone. For these first two
applications, the mobile telephone uses the usual interface to a radio
communication network: at home, the 3-in-1 phone communicates for
example over DECT to a local base station; on the move, the 3-in-1 phone
communicates over GSM.

In a third configuration, when the 3-in-1 phone comes within the
range of another mobile phone with built-in Bluetooth technology, it
functions as a walkie-talkie and communicates exclusively with the other
mobile phone over the Bluetooth interface. In that case the communication
does not require resources from a radio communication network.
Moreover, the communication is not billed.

Bluetooth is a computing and telecommunications industry
specification that describes how mobile phones, computers, personal digital
assistants and other stand-alone devices can easily interconnect with each
other using a short-range wireless connection. The technology requires that
a low-cost transceiver chip be included in each device. Each device is
equipped with a microchip transceiver that transmits and receives in a
frequency band of 2.45 GHz that is available globally (with some variation
of bandwidth in different countries). The maximum range between two
Bluetooth equipped devices for setting up a connection is 10 meters. Data
as well as voice communications can be set up over the Bluetooth interface.
Data can be exchanged at a rate of 1 megabit per second (up to 2 Mbps
in the second generation of the technology). A frequency hop scheme
allows devices to communicate even in areas with a great deal of
electromagnetic interference. Each device is identified by a unique 48-bit
address defined in the Bluetooth standard. Built-in encryption and
verification of this unique address are provided for ensuring the connection
security. However, the verification described in the Bluetooth standard is
based solely on a device identification. This identification prevents a
Bluetooth device not registered at another Bluetooth device from
communicating with it. A drawback of this device-based identification is
that no user authentication is possible and as a consequence a lot of
applications requiring a user authentication are not possible over the
short-range wireless Bluetooth interface.

The term service terminal is used to cover terminals that are able to
provide a service to a user that starts a transaction with this service terminal
over a short-range wireless interface. During a transaction, a user requests
a service to be provided by the service terminal; the transaction comprises a
dialog between the user and the service terminal for checking the
modalities in which the service has to be provided as well as an
authentication of the user. If the authentication has been successful, the
service terminal provides the service to the user and ends the transaction.

Since the services provided by the service terminal are preferably 
billed to the user, the authentication of the user is required for authorizing 
the service terminal provider to be credited the amount of money required 
for the service. Possible examples of service terminals entering this category 
are: a toll gate that opens automatically and deducts the toll gate price 
from the bank account of drivers equipped with an hybrid mobile phone 
with Bluetooth interface, a drink vending machine that is controlled by an hybrid
mobile phone from a user wanting to buy a drink, the cost of this drink 
being deducted from his bank account or added to his phone bill. 

On the other hand, the services provided by a service terminal may 
be confidential. In that case, an authentication of the user is also required 
to preserve confidentiality. Examples of service terminals entering this
category are printers of bank account extracts controlled with an hybrid 
mobile phone or printers of medical reports controlled over an hybrid 
mobile phone. 

A particular object of the present invention is to provide a method
enlarging the spectrum of applications supported by an hybrid mobile
phone by providing a method for user authentication over the short-range
wireless interface.

Another object of the invention is to take advantage of the 
capabilities of an hybrid terminal to reduce the load produced by certain 
applications on the radio communication network. 

SUMMARY OF THE INVENTION 

These objects, and others that appear below, are achieved by a
method for performing a short-range wireless transaction between an
hybrid wireless terminal and a service terminal, the hybrid terminal being
able to communicate over a first interface with a radio communication
network and over a second interface for short-range wireless access with a
service terminal, the hybrid wireless terminal comprising a user
authentication information for authenticating a user in the radio
communication network. The method comprises the steps of:

- transmitting over the second interface for short-range wireless 
access a message to the service terminal comprising at least the 
user authentication information; 

- authenticating the user at the service terminal by checking the 
received user authentication information against an 
authentication database; 

- enabling the transaction if the user authentication has been 
successful. 

This method has the advantage that a transaction between the 
hybrid wireless terminal and the service terminal is independent of the
radio communication network coverage. Indeed, even if the user is located 
in an area where no radio communication network coverage is provided, 
he can make a transaction with the service terminal. 

Another advantage of this method is that a transaction with the 
service terminal and a communication over the radio communication 
network can be performed simultaneously since the transaction with the 
service terminal does not require any radio communication network 
resources. 

The present invention also concerns a service terminal adapted to 
perform a transaction over a short-range wireless interface, comprising: 
- means for receiving a user authentication information from a wireless 
terminal, said user authentication information being dedicated to 
authenticate a user in a radio communication network; 
- an authentication module for authenticating said user at said service
terminal by checking said received user authentication information 
against an authentication database of said radio communication 
network, said authentication module enabling said transaction if said 
authentication has been successful. 

The present invention further concerns an hybrid wireless terminal 
comprising a first part for communicating with a radio communication 
network and a second part for communicating with a service terminal over 
a short-range wireless interface, said first part comprising a user 
authentication module for authenticating a user in said radio 
communication network, said second part having access to said user 
authentication module and transmitting at least a user authentication
information contained in said user authentication module over said
short-range wireless access interface to said service terminal for
authenticating said user in said service terminal.

This invention is based on a priority application EP 00 44 01 1 7 
which is hereby incorporated by reference. 

BRIEF DESCRIPTION OF THE DRAWINGS 

Other characteristics and advantages of the invention will appear
on reading the following description of a preferred implementation given
by way of non-limiting illustrations, and from the accompanying drawings,
in which:

- Figure 1 shows a system where a method according to the invention
can be implemented;

- Figure 2 shows a flow diagram of an embodiment of the method
according to the present invention;

- Figure 3 shows an embodiment of a wireless terminal according to the
present invention;

- Figure 4 shows an embodiment of a service terminal according to the
present invention.

DETAILED DESCRIPTION OF THE INVENTION 

Figure 1 shows a system where a method according to the
invention can be implemented. The system comprises an hybrid wireless
terminal 11, a base station 13 belonging to a radio communication
network 14, a service terminal 12 and an authentication database 15.

Hybrid wireless terminal 11 comprises an antenna 111 for
communicating over the air interface with base station 13 of the radio
communication network 14 and a short-range wireless interface 112 for
communicating over the air interface with service terminal 12.

Radio communication network 14 is preferably a GSM network or
a UMTS network. However, any other radio communication network
providing features ensuring communication security like authentication and
authorization could also be examples for radio communication network 17.

The short-range wireless interface used for communicating between
hybrid wireless terminal 11 and service terminal 12 is preferably based on
the Bluetooth standard. However, any other standardized short-range
wireless interface may also be envisaged. Another example could be the
Home RF standard. Both Bluetooth and Home RF are based on radio
frequency communication. Optical communication using infrared may also
be used over the short-range wireless interface. Standards defined by the
Infrared Data Association (IrDA) describe such an infrared communication.

An advantage of radio frequency communication over the short-range
wireless interface is that the antenna may be used for communication
with radio communication network 14 as well as with service terminal 14.
When using infrared communication on the short-range wireless interface, an
infrared emitter should be incorporated into the hybrid terminal.

A condition for a communication to be established over the short-range
wireless interface is that the distance between the hybrid wireless
terminal and the service terminal is compatible with the distance indicated
in the standard (i.e. up to 10 meters for Bluetooth) for the radio wave to be
received properly.

Such a distance condition is usually not set for communicating with
radio communication network 14 since it is the purpose of a radio
communication network provider to design his network so that a whole
area coverage is ensured. This is achieved by an appropriate positioning of
the base stations and the provision of a hand-over procedure. The goal of
short-range wireless communication, on the contrary, is to enable a
communication between two devices either close to each other or even in
front of each other without any obstacles in between.

According to the invention, hybrid wireless terminal 11 transmits
over short-range wireless interface 112 a user authentication information
used at service terminal 12 to perform user authentication. This user
authentication information is located in an identification module at wireless
terminal 11 already dedicated to be used for authenticating the user of
wireless terminal 11 in radio communication network 14. This identification
module is preferably the SIM (Subscriber Identification Module) card and
comprises user authentication information. Examples of such user
authentication information may be the IMSI or TMSI (International resp.
Temporary Mobile Subscriber Identification). Other possible user
authentication information enabling it to univocally identify the user may
also be saved on the SIM card, for example a bank account number or a
PIN number.

For providing such short-range communications with security
somewhat comparable to the security provided in radio communication
network 14, service terminal 12 is connected to a database 15 containing
user authentication information of users authorized to make transactions
with service terminal 12.

This database may be physically connected to service terminal 12.
Database 15 may also be part of service terminal 12 itself. In such a case,
each service terminal is connected to a replicated version of database 15.

Alternatively, this database 15 may be a central element to which
service terminal 12 is connected over an appropriate network. In this
configuration, several service terminals may be simultaneously connected to
database 15. In this case, the database contents need not be replicated
and as a consequence are less subject to data inconsistencies.

In a preferred embodiment, database 15 is the same database as
the one used by the radio communication network 14 for performing
authentication in the radio communication network 14. In this embodiment,
database 15 may correspond to the Home Location Register (HLR) of the
radio communication network 14. The service terminal 12 is allowed by the
radio communication network operator to have access to the HLR over a
specific secured connection. In case service terminal 12 is part of a network
of a plurality of service terminals, a central entity in the network of service
terminals may be responsible for forwarding the authentication requests
from the different service terminals to the HLR, preferably over a permanent
connection between this central entity and the HLR.

Figure 2 shows a flow diagram of an embodiment of the method 
according to the present invention comprising steps 21 to 25. 

Step 21 consists in sending a transaction request from the hybrid
wireless terminal to a service terminal. At this stage, the usual Bluetooth
standardized connection procedure can be used.

Step 22, also part of this standardized connection procedure,
consists in performing the identification of the hybrid wireless terminal at
the service station. This identification makes use of the unique 48-bit
address identifying each Bluetooth capable device.

Step 23, according to the invention and additionally to the device
identification performed at step 22, consists in performing user
authentication. At this stage, a user authentication information stored in an
identification module at the hybrid wireless terminal is transmitted in a
specific message to the service terminal over the Bluetooth interface. This
user authentication information is preferably also used for authenticating
the user in the radio communication network with which the hybrid wireless
terminal is able to communicate.

Step 24 consists, upon reception of this specific message at the 
service terminal, in extracting the user authentication information and 
performing a check against a database containing user authentication 
information of all users authorized to perform a secured transaction with 
the service terminal. 

If the authentication is successful, that is to say the user is one of the 
users authorized to perform secured transactions with the service terminal, 
the service terminal sends an acknowledgement to the hybrid wireless 
terminal acknowledging his transaction request. 

Step 25 consists in performing the transaction itself. 

If the authentication at step 24 has not been successful, the 
transaction request is rejected. As an additional security mechanism, the
parameters of this unsuccessful transaction may be stored in a log file used
for detecting suspicious transaction attempts.

In a preferred embodiment, the message containing the user
authentication information may be protected by encryption for preventing
possible interception attempts. This is all the more important as interception
of an unprotected user authentication information could enable an
ill-intentioned interceptor to perform money transactions on the behalf of the
user. Any usual encryption mechanisms as known by those skilled in the art
may be envisaged. It is possible to use the same encryption mechanism as
the one used in the radio communication network with which the hybrid
wireless terminal is able to communicate.

07.06.2001 ZPL/S-We
1 1 1 643

Figure 3 shows an embodiment of an hybrid wireless terminal
according to the present invention. Hybrid wireless terminal 30 comprises
two parts 31 and 32. First part 31 is dedicated to support communication
with a usual radio communication network such as GSM or UMTS for example.

First part 31 comprises an antenna 311, interface to the radio
communication network, a first sender/receiver module 312, a first
communication controller 313, and a subscriber identification module 314.

Second part 32 comprises a short-range wireless interface 321 for
communicating over the air interface with a service terminal, a second
sender/receiver module 322 and a second communication controller 323.
The standard used over this interface is preferably Bluetooth.

In prior art solutions, the two parts 31 and 32 of this kind of hybrid
terminal are independent from each other. On the contrary, according to
the present invention, the subscriber identification module 314 is shared by
first part 31 and second part 32 so that the second communication
controller 322 can access the subscriber identification module 314 for
extracting a user authentication information from this module and
transmitting it in an appropriate message over sender/receiver module 322
and interface 321 on the short-range wireless interface.

In another embodiment of hybrid wireless terminal 30, the two
sender/receivers 312 and 322 or the two communication controllers 313
and 323 may be located on the same physical entity, the communication
processes controlling the two parts being distinct. In that case the process
controlling the communication of second part 32 has access to subscriber
identification module 314, which would still be within the scope of this
invention.

Figure 4 shows an embodiment of a service terminal according to
the present invention. Service terminal 40 comprises a short-range wireless
interface 41, a sender/receiver module 42, a communication controller 43,
an authentication module 44 and an authentication database 45.

When a message is received over interface 41 and sender/receiver
42, this message is forwarded to communication controller 43; said
communication controller detects whether this message is an authentication
message comprising a user authentication information. If it is the case, this
message is forwarded to authentication module 44 which makes a request
to an authentication database 45 to check the user authentication
information against the database contents.

As already mentioned above, the authentication database may be
external to the service terminal. In such a case, authentication module 44
sends an authentication request to this external database over a dedicated
interface.

As also mentioned above, the user authentication information may
be encrypted. It is also the task of the authentication module to decrypt the
user authentication information before checking it against the database
contents. If the authentication has been successful, the authentication
module 44 triggers the communication controller to send a transaction
acknowledgement over the sender/receiver 42 and the interface 41.
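
The checks of steps 22 to 24 of Figure 2, as carried out by communication controller 43 and authentication module 44 of Figure 4, together with the log of unsuccessful attempts, are shown below as an added example that is not part of the original specification. The message layout, the sample addresses and identity, the threshold and window values and all names are assumptions, and the message is modelled as it looks after any decryption.

```python
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample data (not real device addresses or subscriber identities).
REGISTERED_DEVICES = {"00:11:22:33:44:55", "00:11:22:33:44:66"}  # known 48-bit addresses
AUTHORIZED_USERS = {"001010123456789"}  # stands in for authentication database 45


@dataclass
class ServiceTerminal:
    max_failures: int = 3    # assumed alert threshold
    window_s: float = 60.0   # assumed look-back window, in seconds
    log: list = field(default_factory=list)  # entries: (time, device address, reason)

    def handle_request(self, bd_addr: str, message: dict, now: float) -> str:
        # Step 22: device identification by Bluetooth address.
        if bd_addr not in REGISTERED_DEVICES:
            return self._reject(bd_addr, "unknown-device", now)
        # Communication controller 43: is this an authentication message?
        info = message.get("user_auth_info")
        if message.get("type") != "auth" or not isinstance(info, str):
            return self._reject(bd_addr, "not-an-auth-message", now)
        # Step 24 / authentication module 44: check against the database.
        if info not in AUTHORIZED_USERS:
            return self._reject(bd_addr, "user-not-authorized", now)
        return "ACK"  # acknowledgement sent; step 25 (the transaction) may proceed

    def _reject(self, bd_addr: str, reason: str, now: float) -> str:
        # Record the parameters of the failed attempt. The submitted
        # identifier is deliberately kept out of the log file.
        self.log.append((now, bd_addr, reason))
        return "REJECT"

    def suspicious_devices(self, now: float) -> set:
        # Devices with at least max_failures rejections inside the window.
        recent = Counter(addr for t, addr, _ in self.log
                         if 0 <= now - t <= self.window_s)
        return {addr for addr, n in recent.items() if n >= self.max_failures}
```
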

As a conclusion, according to this invention, sharing user
authentication information between usual radio communication network
and short-range wireless communication system is a source of new value
added and secured applications for users of hybrid wireless terminals.

SUMMARY

The invention relates notably to a method for performing a
short-range wireless transaction between an hybrid wireless terminal and a
service terminal. The hybrid terminal is able to communicate over a first
interface with a radio communication network and over a second interface
for short-range wireless access with a service terminal; the hybrid wireless
terminal comprises a user authentication information for authenticating a
user in the radio communication network.

According to the invention, the method comprises the steps of: 

- transmitting over the second interface for short-range wireless a message 
to the service terminal comprising at least the user authentication 
information; 

- authenticating the user at the service terminal by checking the received 
user authentication information against an authentication database; 

- enabling the transaction if the user authentication has been successful. 